
Multi-master replication (ldap_sasl_bind_s failed)



Hi all,

My adventure with LDAP has lasted a few months, and I have come to the topic of replication,
namely multi-master replication.
cn=config is replicated perfectly, but the schema, say dc=example,dc=com, does not want to :(.

I have two servers slap1 and slap2

I have a standard installation
##Server slap1
    wheezy debian 64bit
    apt-get install -y slapd ldap-utils
    added my schema
    ldapadd -Y EXTERNAL -H ldapi:/// -f $CURRENT/memberof.ldif
    ldapadd -Y EXTERNAL -H ldapi:/// -f $CURRENT/refint.ldif
    # add "ldap://ldap1/" in /etc/default/slapd
    sed -i "/^SLAPD_SERVICES/s/=[^]*/=\"ldap:\/\/slap1\//" /etc/default/slapd
    ldapmodify -Y EXTERNAL -H ldapi:/// -f replica1.ldif

    where replica1.ldif (replication configuration):
            dn: cn=config
            changetype: modify
            add: olcServerID
            olcServerID: 1

            dn: cn=module{0},cn=config
            changetype: modify
            add: olcModuleLoad
            olcModuleLoad: {1}syncprov.la

            dn: olcDatabase={0}config,cn=config
            changetype: modify
            add: olcRootPW
            #only for tests
            olcRootPW: 123 

            dn: cn=config
            changetype: modify
            replace: olcServerID
            olcServerID: 1 ldap://slap1/
            olcServerID: 2 ldap://slap2/

            dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
            changetype: add
            objectClass: olcOverlayConfig
            objectClass: olcSyncProvConfig
            olcOverlay: syncprov

            dn: olcDatabase={0}config,cn=config
            changetype: modify
            add: olcSyncRepl
            olcSyncRepl: rid=001 provider=ldap://slap1/ binddn="cn=admin,cn=config" 
              bindmethod=simple credentials=123 
              searchbase="cn=config" type=refreshAndPersist
              retry="5 5 300 5" timeout=1
            olcSyncRepl: rid=002 provider=ldap://slap2/ binddn="cn=admin,cn=config" 
              bindmethod=simple credentials=123 
              searchbase="cn=config" type=refreshAndPersist
              retry="5 5 300 5" timeout=1
            -
            add: olcMirrorMode
            olcMirrorMode: TRUE

The same scenario is applied on server slap2 (with the name changed slap1 -> slap2)
    
    where replica2.ldif (replication configuration for server slap2 only):
            dn: cn=config
            changetype: modify
            add: olcServerID
            olcServerID: 2

            dn: cn=module{0},cn=config
            changetype: modify
            add: olcModuleLoad
            olcModuleLoad: {1}syncprov.la

            dn: olcDatabase={0}config,cn=config
            changetype: modify
            #only for tests
            add: olcRootPW
            olcRootPW: 123

            dn: cn=config
            changetype: modify
            replace: olcServerID
            olcServerID: 1 ldap://slap1/
            olcServerID: 2 ldap://slap2/

            dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
            changetype: add
            objectClass: olcOverlayConfig
            objectClass: olcSyncProvConfig
            olcOverlay: syncprov

            dn: olcDatabase={0}config,cn=config
            changetype: modify
            add: olcSyncRepl
            olcSyncRepl: rid=001 provider=ldap://slap1/ binddn="cn=admin,cn=config" 
              bindmethod=simple credentials=123 
              searchbase="cn=config" type=refreshAndPersist
              retry="5 5 300 5" timeout=1
            olcSyncRepl: rid=002 provider=ldap://slap2/ binddn="cn=admin,cn=config" 
              bindmethod=simple credentials=123 
              searchbase="cn=config" type=refreshAndPersist
              retry="5 5 300 5" timeout=1
            -
            add: olcMirrorMode
            olcMirrorMode: TRUE


and it works, the whole configuration is replicated.

Now I want to add schema replication (I'm trying to add a replication scheme).
I add it on only one server, e.g. slap2:
ldapmodify -Y EXTERNAL -H ldapi:/// -f rep_schema.ldif

where rep_schema.ldif :

             # add replica schema
            dn: olcDatabase={1}hdb,cn=config
            changetype: modify
            replace: olcRootPW
            olcRootPW: 123
            -
            replace: olcRootDN
            olcRootDN: cn=admin,dc=example,dc=com

            dn: olcDatabase={1}hdb,cn=config
            changetype: modify
            add: olcLimits
            olcLimits: dn.exact="cn=admin,dc=example,dc=com" time.soft=unlimited
              time.hard=unlimited size.soft=unlimited size.hard=unlimited
            -
            add: olcSyncRepl
            olcSyncRepl: rid=004 provider=ldap://ldap1/ binddn="cn=admin,dc=example,dc=com"
              bindmethod=simple credentials="123"
              searchbase="dc=example,dc=com"
              starttls=no
              filter="(objectclass=*)"
              attrs="*,+" scope=sub
              schemachecking=off
              type=refreshAndPersist interval=00:00:00:10 retry="5 5 10 5" timeout=1
            olcSyncRepl: rid=005 provider=ldap://ldap2/ binddn="cn=admin,dc=example,dc=com"
              bindmethod=simple credentials="123"
              searchbase="dc=example,dc=com"
              starttls=no
              filter="(objectclass=*)"
              attrs="*,+" scope=sub
              schemachecking=off
              type=refreshAndPersist interval=00:00:00:10 retry="5 5 10 5" timeout=1
            -
            add: olcDbIndex
            olcDbIndex: entryUUID  eq
            -
            add: olcDbIndex
            olcDbIndex: entryCSN  eq
            -
            add: olcMirrorMode
            olcMirrorMode: TRUE

            dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config
            changetype: add
            objectClass: olcOverlayConfig
            objectClass: olcSyncProvConfig
            olcOverlay: syncprov

The configuration replicates, but in the end the schema does not replicate.
When one of the servers tries to replicate, I see this in the logs:


Dec 15 23:44:48 slap1 slapd[4496]: do_syncrepl: rid=004 rc -1 quitting
Dec 15 23:44:48 slap1 slapd[4496]: slap_client_connect: URI=ldap://ldap2/ DN="cn=admin,dc=example,dc=com" ldap_sasl_bind_s failed (-1)
Dec 15 23:44:48 slap1 slapd[4496]: do_syncrepl: rid=005 rc -1 retrying
Dec 15 23:44:58 slap1 slapd[4496]: =>do_syncrepl rid=005
Dec 15 23:44:58 slap1 slapd[4496]: slap_client_connect: URI=ldap://ldap2/ DN="cn=admin,dc=example,dc=com" ldap_sasl_bind_s failed (-1)

Dec 15 23:44:50 slap2 slapd[4456]: do_syncrepl: rid=004 rc -1 retrying
Dec 15 23:44:54 slap2 slapd[4456]: =>do_syncrepl rid=005
Dec 15 23:44:54 slap2 slapd[4456]: slap_client_connect: URI=ldap://ldap2/ DN="cn=admin,dc=example,dc=com" ldap_sasl_bind_s failed (-1)
Dec 15 23:44:54 slap2 slapd[4456]: do_syncrepl: rid=005 rc -1 quitting
Dec 15 23:45:00 slap2 slapd[4456]: =>do_syncrepl rid=004
Dec 15 23:45:00 slap2 slapd[4456]: slap_client_connect: URI=ldap://ldap1/ DN="cn=admin,dc=example,dc=com" ldap_sasl_bind_s failed (-1)


from server slap2 to search slap1:
ldapsearch -x -D cn=admin,dc=example,dc=com -H ldap://slap1/ -b dc=example,dc=com -w 123  (working)

from server slap1 to search slap2:
ldapsearch -x -D cn=admin,dc=example,dc=com -H ldap://slap2/ -b dc=example,dc=com -w 123  (working)

I'm out of ideas...
user : DN="cn=admin,dc=example,dc=com" is created automatically when I install slapd

Does anyone have any suggestions or experience with this problem?
Thank you all in advance.

Muniek
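As an added check (not part of the original post), the script below unfolds an LDIF fragment, collects the hosts named in olcServerID and the provider host of each olcSyncRepl value, and reports every rid whose provider host is not one of the olcServerID servers; that mismatch is the first thing to verify when syncrepl logs `ldap_sasl_bind_s failed (-1)`. The sample LDIF is constructed from the post's replica*.ldif and rep_schema.ldif fragments.

```python
import re

# Constructed sample mirroring the post: olcServerID from replica*.ldif and the
# olcSyncRepl values from rep_schema.ldif (providers ldap1/ldap2, servers slap1/slap2).
SAMPLE_LDIF = """\
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 ldap://slap1/
olcServerID: 2 ldap://slap2/

dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=004 provider=ldap://ldap1/ binddn="cn=admin,dc=example,dc=com"
  bindmethod=simple credentials="123" searchbase="dc=example,dc=com"
olcSyncRepl: rid=005 provider=ldap://ldap2/ binddn="cn=admin,dc=example,dc=com"
  bindmethod=simple credentials="123" searchbase="dc=example,dc=com"
"""

def unfold_ldif(text):
    """Join LDIF continuation lines (leading space) onto the previous line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]      # LDIF folding drops exactly one space
        else:
            lines.append(raw)
    return lines

def host_of(uri):
    """Lowercase host of an ldap://host[:port]/ or ldaps:// URI, else None."""
    m = re.match(r"ldaps?://([^/:]+)", uri, re.IGNORECASE)
    return m.group(1).lower() if m else None

def check_providers(ldif_text):
    """Map rid -> provider host for every olcSyncRepl whose provider host is
    not named in any olcServerID URL (a likely hostname mismatch)."""
    serverid_hosts, syncrepl = set(), {}
    for line in unfold_ldif(ldif_text):
        key, _, value = line.partition(":")
        if key.lower() == "olcserverid":
            parts = value.split()           # "<id> <url>"; a bare id is skipped
            if len(parts) == 2:
                serverid_hosts.add(host_of(parts[1]))
        elif key.lower() == "olcsyncrepl":
            rid = re.search(r"\brid=(\d+)", value)
            prov = re.search(r"\bprovider=(\S+)", value)
            if rid and prov:
                syncrepl[rid.group(1)] = host_of(prov.group(1))
    return {rid: h for rid, h in syncrepl.items() if h not in serverid_hosts}
```

Run it against `slapcat -n 0` output (or the LDIF you are about to apply) and compare the flagged hosts with the `URI=` in the slap_client_connect log lines.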